Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT
Attackers are exploiting user familiarity with CAPTCHAs to distribute the Lumma Stealer RAT via malicious PowerShell commands, according to HP
Coverage of remote access trojans examines malware controlling compromised devices, including incidents, analysis, infrastructure, disruption, and defenses.
Search across headline titles and summaries.
Background for this topic.
A remote access trojan (RAT) is malware that gives an unauthorized operator remote control over an infected device. Depending on its design, it may execute commands, browse or copy files, log keystrokes, capture screens, or use a microphone or camera. RATs commonly communicate with attacker-controlled command-and-control infrastructure; capabilities and persistence vary, so reporting should identify the specific family or tool rather than assume every RAT has the same functions.
The main concerns are covert access, exposure of sensitive data, and use of the host to deploy additional malware or alter systems. Defenders should monitor endpoint processes and network behavior, restrict unnecessary outbound connections, keep software patched, and use endpoint controls that can detect unusual remote-control activity. If a RAT is suspected, isolate the device, preserve relevant logs and malware samples, investigate related accounts and hosts, and rotate credentials after containment; blocking one server alone may not remove persistence.
Attackers are exploiting user familiarity with CAPTCHAs to distribute the Lumma Stealer RAT via malicious PowerShell commands, according to HP
The UNC-200 threat group, active since last summer, has been utilizing the Signal messaging app to social engineer targets into downloading an infostealing remote access Trojan.
Also: OKX Temporarily Suspends Services to Prevent Funds LaunderingThis week, $6.1M Wemix theft, OKX suspended services, Vermont dropped Coinbase case, new RAT-targeted crypto wallet extensions, TJ Stone got prison time, Nebraska's new crypto ATM rule, Trezor disclosed a potential bug and British prosecutors charged a former police officer for 50 Bitcoin theft.
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat)
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data
Microsoft has discovered a new remote access trojan (RAT) that employs "sophisticated techniques" to avoid detection, ensure persistence, and extract sensitive information data. [...]